<?
    class Principio_Acl extends Zend_Acl
    {
        public function __construct()
        {
            $this->addRole("admin");
            $this->addRole("superadmin", "admin");

            $this->add(new Zend_Acl_Resource("admin_allow"));
            $this->add(new Zend_Acl_Resource('index/index'),'admin_allow');

            $this->add(new Zend_Acl_Resource("users"));
            $this->add(new Zend_Acl_Resource('users/index'),'users');

            $this->deny(null, null, null);
            $this->allow("admin", null, null);
            $this->deny("admin", "users", null);
            $this->deny("admin", "admin_allow", null);
            $this->allow("superadmin", "users", null);
        }

        public function has_access()
        {
            $request = Zend_Controller_Front::getInstance()->getRequest();
            $resource = $request->getControllerName() . '/' . $request->getActionName();
            $storage_data = Zend_Auth::getInstance()->getStorage()->read();
            $model_user = Principio_Model_UserMapper::get($storage_data["user_id"]);
            $role = ($model_user->getRole() == "2")? "superadmin" : "admin";

            return $this->isAllowed($role, $resource);
        }

        public function setAccessDenied()
        {
            $front = Zend_Controller_Front::getInstance();
            $response_http = new Zend_Controller_Response_Http();
            $response_http->setRedirect("/denied");
            $front->setResponse($response_http);
        }
    }
?>